Data Protection and FOI

Data Protection

The General Data Protection Regulation (GDPR) came into effect on Friday 25th May

2018. Data Protection/GDPR policies can be found in the policies section.

Privacy Notices: these inform individuals of their legal rights regarding the data we process about them, why we process it – including the legal basis for doing so, how long we hold it for, and how it can be accessed – as well as other relevant information. These can be found in the attachments section below.

Subject Access Requests: if you would like access to data that you believe we hold, please e-mail Dean Newby (Lead Data Controller).

Retention of Data: our retention periods have been written in line with the Information and Records Management Society School Toolkit. This ensures that we only hold data for the necessary and recommended amount of time.

Our Record of Data Processing Activities documentation, which includes our retention periods for each data asset, is reviewed on a termly basis, and is audited by the Board of Trustees on an annual basis.


  • Data Protection Lead and Lead Data Controller: Dean Newby,
  • Data Protection Officer (DPO): Deepti Bal,
  • Information Commissioner’s Office: service -or- 0303 123 1113


Freedom of Information

Publication Scheme: all public authorities, including schools, are required under the Freedom of Information Act to adopt a publication scheme that has been approved by the Information Commissioner.

There is currently one approved model publication scheme, which has been produced by the Information Commissioner’s Office (ICO). Schools must adopt the ICO’s model scheme and make it publicly available – this can be found in the attachments section below.

Our Published Guide to Information

Schools should publish a guide to information alongside the publication scheme. The guide should specify:

  • the documents available
  • the format of the documents
  • any charges made for the information

This guide can be found in the attachments section below.